Summary
In this chapter, we learned about the IP reputation inspector module in Snort 3. We discussed how IP blocking in Snort evolved to its current state, how the IP reputation inspector module is configured, its various configuration parameters and their importance, and, finally, how the module works.
The IP reputation inspector is a key module that can be extremely effective operationally, but it is only as effective as the quality of its IP blacklist. Although creating and maintaining a comprehensive and effective blacklist is challenging, strategies such as inter-organization collaboration can help.
In the next chapter, we will look at Snort rules, which form the core of the Snort intrusion detection and prevention system. We will look at the syntax of Snort rules and the various features that are available to a rule author.